Search criteria
1 vulnerability by GuanxingLu
CVE-2025-10975 (GCVE-0-2025-10975)
Vulnerability from cvelistv5 – Published: 2025-09-25 21:32 – Updated: 2025-09-26 17:53
VLAI?
Title
GuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserialization
Summary
A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GuanxingLu | vlarl |
Affected:
31abc0baf53ef8f5db666a1c882e1ea64def2997
|
Credits
zznQ (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10975",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T17:36:49.431563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T17:53:07.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/GuanxingLu/vlarl/issues/18"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"ZeroMQ"
],
"product": "vlarl",
"vendor": "GuanxingLu",
"versions": [
{
"status": "affected",
"version": "31abc0baf53ef8f5db666a1c882e1ea64def2997"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zznQ (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided."
},
{
"lang": "de",
"value": "In GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997 wurde eine Schwachstelle gefunden. Es geht um die Funktion experiments.robot.bridge.reasoning_server::run_reasoning_server der Datei experiments/robot/bridge/reasoning_server.py der Komponente ZeroMQ. Durch Beeinflussen des Arguments Message mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden. Das Produkt nutzt ein Rolling Release f\u00fcr die kontinuierliche Auslieferung. Deshalb gibt es keine Versionsangaben zu betroffenen oder aktualisierten Releases."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T21:32:07.791Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325846 | GuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325846"
},
{
"name": "VDB-325846 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325846"
},
{
"name": "Submit #653279 | vlarl latest Insecure Deserialization(leads to Remote Code Execution)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.653279"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/GuanxingLu/vlarl/issues/18"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/GuanxingLu/vlarl/issues/18#issue-3408978610"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-25T16:17:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "GuanxingLu vlarl ZeroMQ reasoning_server.py run_reasoning_server deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10975",
"datePublished": "2025-09-25T21:32:07.791Z",
"dateReserved": "2025-09-25T14:12:06.699Z",
"dateUpdated": "2025-09-26T17:53:07.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}